Обсуждение: In which module does query rewriting takes place
Hi,<br /><br />We are trying to introduce access control. For this we have to rewrite the input query by replacing each relationby its corresponding authorized view. Which part of the code should we modify for this. <br /><br />Till now we havethought of the following: <br /><br />1. We take as input the parse tree generated by the parser.<br />2. We implementa "new" module which rewrites the parse tree into the format we want.<br />3. We feed this new parse tree into theoptimizer.<br /><br />Does a module exist which rewrites the parse tree generated. We saw that there exist some rewritemodule in /src/backend/rewrite. Is that the correct module to make changes to!<br /><br />Thanks<br />Shaunak<br clear="all"/><br />-- <br />It is not the aptitude but the attitude that decides a persons altitude<br />Shaunak Godbole<br/>Senior Undergraduate<br />Computer Science Dept.<br />IIT Powai, Mumbai 400076<br />Ph no: 9819841537
Shaunak Godbole wrote: > Hi, > > We are trying to introduce access control. For this we have to rewrite > the input query by replacing each relation by its corresponding > authorized view. This sounds like a pretty ugly hack. There are already extensive access controls available in postgres. What is there about the existing access controls that does not do what you want? cheers andrew
Andrew Dunstan <andrew@dunslane.net> writes: > Shaunak Godbole wrote: >> We are trying to introduce access control. > This sounds like a pretty ugly hack. Perhaps more to the point, it's already been done: http://veil.projects.postgresql.org/ regards, tom lane
Tom Lane wrote: > Andrew Dunstan <andrew@dunslane.net> writes: > >> Shaunak Godbole wrote: >> >>> We are trying to introduce access control. >>> > > >> This sounds like a pretty ugly hack. >> > > Perhaps more to the point, it's already been done: > http://veil.projects.postgresql.org/ > > > Ah, the missing piece is that case is "row level". cheers andrew